Analytics Alerts
Browse the Cortex analytics alert reference.
1 alert match the current filters. tactic: TA0005 ✕ technique: T1553 ✕
Show ATT&CK heatmapRare signature signed executable executed in the network Informational 4 variations
Attackers may use signed executables by less known vendors to bypass security features.
- Activation:
- 14 Days
- Training:
- 30 Days
- Test:
- N/A (single event)
- Deduplication:
- 30 Days
ATT&CK tactics: Defense Evasion (TA0005)ATT&CK techniques: Subvert Trust Controls: Code Signing (T1553.002)Required data: XDR AgentAttacker's goals: Adversaries may use signed binaries to bypass security features.Investigative actions: Check if this is legitimate software installed by a legitimate user and intentionally.Variations
Rare signature signed forensic tool remotely executed in the network
Medium overridden
Attackers may use signed executables by less known vendors to bypass security features. overridden
Rare signature signed forensic tool executed in the network
Low overridden
Attackers may use signed executables by less known vendors to bypass security features. overridden
Rare signature signed executable extracted from an internet-downloaded archive and executed in the network
Low overridden
Attackers may use signed executables by less known vendors to bypass security features. overridden
Rare signature signed executable downloaded from an uncommon source and executed in the network
Low overridden
Attackers may use signed executables by less known vendors to bypass security features. overridden